[Webkit-unassigned] [Bug 151162] [win] Heap corruption when closing webView not associated with a window

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 17 17:24:23 PST 2015 

https://bugs.webkit.org/show_bug.cgi?id=151162

--- Comment #1 from isaac+webkit at devinesystems.co.nz ---
This also affects minibrowser in the tests directory. (run it, attach debugger and close the minibrowser window).

I.e. it affects *all webviews*, including those attached to host windows.

Turns out the assertion is thrown when m_mutex is destroyed in Hashtable.h (line 493).
The Lock pointer held by the unique_ptr is bad, as shown by the following stack trace:

>	ucrtbased.dll!free_dbg_nolock(void * const block, const int block_use) Line 892	C++
     ucrtbased.dll!_free_dbg(void * block, int block_use) Line 1011    C++
     WebKit.dll!operator delete(void * block) Line 17    C++
     WebKit.dll!operator delete(void * block, unsigned int __formal) Line 15    C++
     WebKit.dll!std::default_delete<WTF::Lock>::operator()(WTF::Lock * _Ptr) Line 1201    C++
     WebKit.dll!std::unique_ptr<WTF::Lock,std::default_delete<WTF::Lock> >::~unique_ptr<WTF::Lock,std::default_delete<WTF::Lock> >() Line 1404    C++
     WebKit.dll!WTF::HashTable<WTF::String,WTF::KeyValuePair<WTF::String,Inspector::SupplementalBackendDispatcher *>,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String,Inspector::SupplementalBackendDispatcher *> >,WTF::StringHash,WTF::HashMap<WTF::String,Inspector::SupplementalBackendDispatcher *,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<Inspector::SupplementalBackendDispatcher *> >::KeyValuePairTraits,WTF::HashTraits<WTF::String> >::~HashTable<WTF::String,WTF::KeyValuePair<WTF::String,Inspector::SupplementalBackendDispatcher *>,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String,Inspector::SupplementalBackendDispatcher *> >,WTF::StringHash,WTF::HashMap<WTF::String,Inspector::SupplementalBackendDispatcher *,WTF::StringHash,WTF::HashTraits<WTF::String>,WTF::HashTraits<Inspector::SupplementalBackendDispatcher *> >::KeyValuePairTraits,WTF::HashTraits<WTF::String> >() Line 362    C++
     [External Code]    
     WebKit.dll!WTF::RefCounted<Inspector::BackendDispatcher>::deref() Line 146    C++
     WebKit.dll!WTF::Ref<Inspector::BackendDispatcher>::~Ref<Inspector::BackendDispatcher>() Line 57    C++
     WebKit.dll!WebCore::InspectorController::~InspectorController() Line 190    C++
     [External Code]    
     WebKit.dll!WebCore::Page::~Page() Line 293    C++
     [External Code]    
     WebKit.dll!WebView::close() Line 769    C++
     webkitdebugheap.exe!WinMain(HINSTANCE__ * hinst, HINSTANCE__ * __formal, char * __formal, int nShowCmd) Line 214    C++
     [External Code]

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20151118/52cecbcd/attachment.html>

More information about the webkit-unassigned mailing list